"Carlos E.R." wrote:

On 18/09/2020 23.39, Chris wrote:
Carlos E.R. wrote:
On 18/09/2020 18.27, VanguardLH wrote:
Chris wrote:

Many employers don't allow employees to choose where to store files.

Did her school provide her with VPN access to their network?

No. They provide a web page with a login and tools, and they provide
Gmail for groups.

Then they could well be breaking GDPR rules. No "personal information"
should be stored on, nor sent via, unsecured mechanisms - personal info
includes students' details. Email is not a secure mechanism by any stretch
of the imagination.

Well, "Gmail for groups" claims privacy, it is not the same as "personal
Gmail". Problem is, the students themselves don't seem to have an
account there, so email to them would be "on the wild".

irony mode on.

However, politicians wrote a law that orders email to be private and
that nobody can read it. Who cares if email is not really so? As far as
they care, they ordered it to be secure, under penalty of imprisonment.
If anyone reads the wrong email, he can go to prison. Problem solved.

:-P

Even more stupid are gov't agencies that demand use of faxing to
transfer sensitive documents. They don't trust e-mail despite e-mail
certificates provide security; however, rare few users install an e-mail
certificate for use with their local e-mail program. Encrypted e-mail
is by invite: the one (recipient) wanting to get encrypted emails has to
digitally sign an invite e-mail (by adding their digital signature to an
outbound e-mail), the other party has to store that public half of the
sender's certificate (in the digital signature), the other party then
uses that public cert to encrypt their e-mails back to the first party,
and the first party (that did the invite with their public half of their
cert) is the only one that has the private half of their cert to decrypt
the encrypted message. With the diminishing sources to get free e-mail
certificates, having do to the setup, remembering to digitally sign
their e-mails to those they are inviting to send encrypted e-mails back
is too much setup for most e-mailers to bother with; however, it is very
possible to setup encrypted e-mails between any sender (that gets the
public half of the cert) and a recipient (the only one with the private
half of the cert). How many users do you know that have configured
their e-mail program to do encrypted messaging? Gov't boobs figure
e-mail is insecure because that's the default mode of transmission:
unencrypted.

Faxing is even less secure than e-mail: (1) the transmission is NOT
encrypted, but sent in the clear, so anyone intercepting the
transmission can read it; and, (2) the fax sits around in the fax
machine's output hopper at work where anyone walking by can read it
instead of the specified recipient (fax machines are shared at work, not
a unique one on every worker's desk). Yes, there are encrypted fax
machines, but they must be used at both endpoints in the transmission,
and that rarely happens except between businesses or gov't agencies that
have established secure faxing between themselves. That is, encrypted
faxing is an interdepartmental thing, not something users bother with,
especially since they aren't going to pay for a fax machine that
encrypts.